Oracle Blog

Random NetBeans Stuff

Web Service Security: Three Steps

I've been looking at adding security to the simple web service created in the J2EE Tutorial's Creating a Simple Web Service and Client with JAX-RPC section. Once it all makes sense to me, I'll turn it all into a tutorial. Currently, my understanding (aided by Petr Blaha, a very helpful NetBeans developer and colleague) goes like this:

Configure a security realm on the Sun Java System Application Server. (Or on whatever J2EE 1.4 application server you use for deployment. No, Tomcat is not a J2EE 1.4 application server.) For the SJS Application Server, you need to start it and then right-click its node in the IDE's Runtime window and choose View Admin Console. Under Configuration > Security > Realms > file, you can add the user ID and password:

Next, add a security role mapping to the server's server-specific deployment descriptor (at least, this is necessary for the SJS Application Server):

There are other (and better) ways of setting security from the client side, but this is the simplest scenario.

Now run the web service. The first time you do this, the server should prompt you for the user name and password. And then, once it's succesfully launched, run the client. A little password dialog box appears where you can type in the username and password:

Everything should now be well with the world -- if you type in the correct username and password and click OK... Bob's your father's brother and the static-stub client will have successfully made access to the web service.

Hi
This is babu from ramco System, Now iam developing application in webservice. so we plan to use websphere 6.0 version.
I able to run username token security in tomcat5, so how can i implement username token security in WAS.
I able to run without security service in WAS, but my requirement is enabling security using username and password.
please help me to solve the problem.
regards
Babu J

About

Geertjan Wielenga (@geertjanw) is a Principal Product Manager in the Oracle Developer Tools group living & working in Amsterdam. He is a Java technology enthusiast, evangelist, trainer, speaker, and writer. He blogs here daily.

The focus of this blog is mostly on NetBeans (a development tool primarily for Java programmers), with an occasional reference to NetBeans, and sometimes diverging to topics relating to NetBeans. And then there are days when NetBeans is mentioned, just for a change.